On 10-06 11:03, Josselin Mouette wrote: > Le dimanche 05 octobre 2008 à 19:12 +0200, Witold Baryluk a écrit : > > Hi, > > > > i'm using LDAP configuration without problem on dozen of workstations, > > with everything working. Everything but one, screensaver unlocking. > > > > This is very iritating. I added pam_permit to > > /etc/pam.d/gnome-screensaver > > but this isn't the best way... > > > > Debug log in attachment > > AIUI, the debug log merely indicates that the PAM authentication check > returns FALSE. > > Does it happen for all users or only one? Yes, all LDAP users. Local users are only root and system accounts. Just created "guest" account in /etc/{passwd,shadow} - unlocking works.
> > What is your locale? Does it also happen in C locale? pl_PL.UTF-8. Just tested with C locale - same problem. > > Are there any 8-bit characters in the password? No. ------------------------------------------------------------------------ /etc/nsswitch.conf : passwd: compat ldap group: compat ldap shadow: compat hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis ------------------------------------------------------------------------ /etc/libnss-ldap.conf : uri ldaps://ldapserver.smp.if.uj.edu.pl ssl on ldap_version 3 tls_cacertfile /etc/ssl/certs/SMP_Root_Certification_Authority.pem rootbinddn cn=ldapadmin,dc=smp,dc=if,dc=uj,dc=edu,dc=pl base dc=smp,dc=if,dc=uj,dc=edu,dc=pl scope sub # ustawione bo udev przy bootowaniu jest skopany bind_policy soft nss_base_passwd ou=People,dc=smp,dc=if,dc=uj,dc=edu,dc=pl nss_base_shadow ou=People,dc=smp,dc=if,dc=uj,dc=edu,dc=pl nss_base_group ou=Group,dc=smp,dc=if,dc=uj,dc=edu,dc=pl nss_base_aliases ou=Aliases,dc=smp,dc=if,dc=uj,dc=edu,dc=pl ------------------------------------------------------------------------ /etc/pam_ldap.conf : uri ldaps://ldapserver.smp.if.uj.edu.pl ssl on ldap_version 3 tls_cacertfile /etc/ssl/certs/SMP_Root_Certification_Authority.pem rootbinddn cn=ldapadmin,dc=smp,dc=if,dc=uj,dc=edu,dc=pl base dc=smp,dc=if,dc=uj,dc=edu,dc=pl scope one pam_filter objectclass=posixAccount pam_password md5 nss_base_passwd ou=People,dc=smp,dc=if,dc=uj,dc=edu,dc=pl nss_base_shadow ou=People,dc=smp,dc=if,dc=uj,dc=edu,dc=pl nss_base_group ou=Group,dc=smp,dc=if,dc=uj,dc=edu,dc=pl nss_base_aliases ou=Aliases,dc=smp,dc=if,dc=uj,dc=edu,dc=pl ------------------------------------------------------------------------ /etc/ldap/ldap.conf : BASE dc=smp,dc=if,dc=uj,dc=edu,dc=pl URI ldaps://ldapserver.smp.if.uj.edu.pl TLS_CACERT /etc/ssl/certs/SMP_Root_Certification_Authority.pem TLS_REQCERT hard #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never ------------------------------------------------------------------------ /etc/pam.d/common-auth : auth optional pam_group.so auth sufficient pam_unix.so nullok_secure likeauth auth sufficient pam_ldap.so use_first_pass # ignore_authinfo_unavail auth required pam_deny.so ------------------------------------------------------------------------ /etc/pam.d/common-account : account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so ------------------------------------------------------------------------ /etc/pam.d/gnome-screensaver : #auth sufficient pam_permit.so @include common-auth auth optional pam_gnome_keyring.so -- Witold Baryluk MAIL: [EMAIL PROTECTED] JID: [EMAIL PROTECTED]
signature.asc
Description: Digital signature